@rectify-so/bridge 0.1.0

package/README.md

@@ -0,0 +1,48 @@
+# rectify-bridge
+
+Connect your locally-installed agent CLIs — **Claude Code**, **Codex**, and **OpenClaw** — to the [Rectify](https://rectify.so) AgentPulse dashboard.
+
+The bridge runs on your machine, reads your local session data, and opens a secure outbound tunnel so the dashboard can show your sessions, token usage, and let you chat. Nothing is installed system-wide and the bridge only makes **outbound** connections — no inbound SSH server required.
+
+## Usage
+
+In the Rectify dashboard, add a Claude Code / Codex / OpenClaw connection. You'll be given a one-line command:
+
+```bash
+npx rectify-bridge connect <token>
+```
+
+Run it on the machine where the CLI is installed and **keep the window open**. The dashboard updates automatically once connected. Press `Ctrl+C` to disconnect.
+
+### Options
+
+```
+npx rectify-bridge connect <token> [--api <url>]
+
+  --api <url>   Override the Rectify API base URL (default: https://api.rectify.so)
+  -h, --help    Show help
+```
+
+## Requirements
+
+- **Node.js 18+** (already present if you have the Claude Code or Codex CLI).
+- The **OpenSSH client** (`ssh`) — built into macOS, Linux, and Windows 10+.
+- For Claude Code connections: the `claude` CLI on your `PATH`.
+- For Codex connections: the `codex` CLI on your `PATH`.
+
+## What it reads
+
+- **Claude Code:** `~/.claude/projects/**/*.jsonl` (sessions) and `~/.claude/skills` (skills).
+- **Codex:** `~/.codex/sessions/**/*.jsonl` (sessions).
+
+Session files are read-only. Chat requests spawn the local CLI (`claude --print` / `codex exec`).
+
+## How it works
+
+1. Fetches its config (tunnel host/port, one-time key) from the Rectify API using the token.
+2. For Claude/Codex: starts a local HTTP server that serves parsed session data and proxies chat to the CLI.
+3. Opens a reverse SSH tunnel (outbound) so the Rectify backend can reach that local server. For OpenClaw it simply forwards the gateway port.
+
+## License
+
+MIT

package/dist/api.js

@@ -0,0 +1,33 @@
+import { warn } from './util.js';
+export class ApiClient {
+    apiBase;
+    token;
+    constructor(apiBase, token) {
+        this.apiBase = apiBase;
+        this.token = token;
+    }
+    url(path) {
+        const base = this.apiBase.replace(/\/+$/, '');
+        return `${base}/v1/agent-pulse/bridge/${this.token}${path}`;
+    }
+    async fetchConfig() {
+        const res = await fetch(this.url('/config'));
+        if (!res.ok) {
+            const text = await res.text().catch(() => '');
+            throw new Error(`Failed to fetch bridge config (HTTP ${res.status}). ${text}`.trim());
+        }
+        return (await res.json());
+    }
+    async reportConnected(info) {
+        try {
+            await fetch(this.url('/connected'), {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify(info),
+            });
+        }
+        catch (err) {
+            warn('Failed to report connected status:', err instanceof Error ? err.message : err);
+        }
+    }
+}

package/dist/index.js

@@ -0,0 +1,122 @@
+#!/usr/bin/env node
+import { ApiClient } from './api.js';
+import { Tunnel } from './tunnel.js';
+import { startLocalServer } from './server.js';
+import { log, warn } from './util.js';
+import * as claude from './readers/claude.js';
+import * as codex from './readers/codex.js';
+const DEFAULT_API_BASE = process.env.RECTIFY_API_BASE || 'https://api.rectify.so';
+function parseArgs(argv) {
+    const args = argv.slice(2);
+    let command;
+    let token;
+    let apiBase = DEFAULT_API_BASE;
+    const positionals = [];
+    for (let i = 0; i < args.length; i++) {
+        const a = args[i];
+        if (a === '--api' || a === '-a') {
+            apiBase = args[++i] ?? apiBase;
+        }
+        else if (a.startsWith('--api=')) {
+            apiBase = a.slice('--api='.length);
+        }
+        else if (a === '--help' || a === '-h') {
+            command = 'help';
+        }
+        else {
+            positionals.push(a);
+        }
+    }
+    if (!command)
+        command = positionals[0];
+    token = positionals[1];
+    return { command, token, apiBase };
+}
+function printHelp() {
+    console.log(`
+Rectify Bridge — connect your local agent CLIs to the Rectify dashboard.
+
+Usage:
+  npx rectify-bridge connect <token> [--api <url>]
+
+Commands:
+  connect <token>    Connect using the setup token shown in the Rectify dashboard.
+
+Options:
+  --api <url>        Override the Rectify API base URL (default: ${DEFAULT_API_BASE}).
+  -h, --help         Show this help.
+
+Keep this window open while connected. Press Ctrl+C to disconnect.
+`);
+}
+async function main() {
+    const { command, token, apiBase } = parseArgs(process.argv);
+    if (command === 'help' || !command) {
+        printHelp();
+        process.exit(command ? 0 : 1);
+    }
+    if (command !== 'connect') {
+        warn(`Unknown command: ${command}`);
+        printHelp();
+        process.exit(1);
+    }
+    if (!token) {
+        warn('Missing setup token. Usage: npx rectify-bridge connect <token>');
+        process.exit(1);
+    }
+    const api = new ApiClient(apiBase, token);
+    log('Fetching connection config from Rectify…');
+    const config = await api.fetchConfig();
+    log(`Connection type: ${config.mode}`);
+    let localTarget;
+    let closeServer;
+    if (config.mode === 'openclaw') {
+        localTarget = config.openclawPort ?? 18789;
+        log(`Forwarding your local OpenClaw gateway (port ${localTarget}).`);
+    }
+    else {
+        const reader = config.mode === 'codex_local' ? codex : claude;
+        const health = await reader.checkHealth();
+        if (!health.ok) {
+            warn(`Warning: ${health.error}`);
+            warn('The bridge will still start, but data will be empty until the issue is resolved.');
+        }
+        else {
+            log(`${health.cli} detected${health.version ? ` (${health.version})` : ''}.`);
+        }
+        const server = await startLocalServer(config.mode, config.bridgeToken);
+        localTarget = server.port;
+        closeServer = server.close;
+        void api.reportConnected({
+            os: process.platform,
+            cliInstalled: health.installed,
+            cliVersion: health.version ?? null,
+        });
+    }
+    const tunnel = new Tunnel({
+        tunnelHost: config.tunnelHost,
+        tunnelUser: config.tunnelUser,
+        remotePort: config.remotePort,
+        localTarget,
+        privateKey: config.privateKey,
+    });
+    tunnel.onUp(() => {
+        log('✓ Tunnel connected — keep this window open.');
+        if (config.mode === 'openclaw') {
+            void api.reportConnected({ os: process.platform });
+        }
+    });
+    await tunnel.start();
+    const shutdown = async () => {
+        log('Disconnecting…');
+        await tunnel.stop();
+        closeServer?.();
+        process.exit(0);
+    };
+    process.on('SIGINT', () => void shutdown());
+    process.on('SIGTERM', () => void shutdown());
+}
+main().catch((err) => {
+    warn(err instanceof Error ? err.message : String(err));
+    process.exit(1);
+});

package/dist/readers/claude.js

@@ -0,0 +1,227 @@
+import { promises as fs } from 'node:fs';
+import { homedir } from 'node:os';
+import { join, basename } from 'node:path';
+import { parseJsonl, whichBinary, run } from '../util.js';
+const ACTIVE_THRESHOLD_MS = 15 * 60 * 1000;
+const MAX_FILE_BYTES = 50 * 1024 * 1024;
+const MODEL_PRICING = {
+    'claude-opus-4-7': { input: 15 / 1_000_000, output: 75 / 1_000_000 },
+    'claude-opus-4-6': { input: 15 / 1_000_000, output: 75 / 1_000_000 },
+    'claude-sonnet-4-6': { input: 3 / 1_000_000, output: 15 / 1_000_000 },
+    'claude-haiku-4-5': { input: 0.8 / 1_000_000, output: 4 / 1_000_000 },
+};
+const DEFAULT_PRICING = { input: 3 / 1_000_000, output: 15 / 1_000_000 };
+const claudeDir = () => join(homedir(), '.claude');
+const projectsDir = () => join(claudeDir(), 'projects');
+async function walkJsonl(dir, depth = 0) {
+    if (depth > 4)
+        return [];
+    let entries;
+    try {
+        entries = await fs.readdir(dir, { withFileTypes: true });
+    }
+    catch {
+        return [];
+    }
+    const out = [];
+    for (const entry of entries) {
+        const full = join(dir, entry.name);
+        if (entry.isDirectory()) {
+            out.push(...(await walkJsonl(full, depth + 1)));
+        }
+        else if (entry.isFile() && entry.name.endsWith('.jsonl')) {
+            try {
+                const stat = await fs.stat(full);
+                out.push({ path: full, mtimeMs: stat.mtimeMs });
+            }
+            catch {
+                // ignore
+            }
+        }
+    }
+    return out;
+}
+function summarize(file, entries) {
+    if (entries.length === 0)
+        return null;
+    const sessionId = basename(file.path).replace(/\.jsonl$/i, '');
+    let model = null;
+    let gitBranch = null;
+    let cwd = null;
+    let userMessages = 0;
+    let assistantMessages = 0;
+    let inputTokens = 0;
+    let outputTokens = 0;
+    let firstTs = null;
+    let lastTs = null;
+    for (const entry of entries) {
+        if (entry.gitBranch)
+            gitBranch = entry.gitBranch;
+        if (entry.cwd)
+            cwd = entry.cwd;
+        if (entry.timestamp) {
+            const ts = Date.parse(entry.timestamp);
+            if (Number.isFinite(ts)) {
+                if (firstTs === null || ts < firstTs)
+                    firstTs = ts;
+                if (lastTs === null || ts > lastTs)
+                    lastTs = ts;
+            }
+        }
+        const msg = entry.message;
+        if (!msg)
+            continue;
+        if (msg.model)
+            model = msg.model;
+        if (msg.role === 'user')
+            userMessages++;
+        if (msg.role === 'assistant')
+            assistantMessages++;
+        if (msg.usage) {
+            inputTokens += msg.usage.input_tokens ?? 0;
+            outputTokens += msg.usage.output_tokens ?? 0;
+        }
+    }
+    const pricing = (model && MODEL_PRICING[model]) || DEFAULT_PRICING;
+    const estimatedCost = inputTokens * pricing.input + outputTokens * pricing.output;
+    const isActive = (lastTs ?? file.mtimeMs) > Date.now() - ACTIVE_THRESHOLD_MS;
+    const projectSlug = cwd ? basename(cwd) : 'claude';
+    return {
+        id: sessionId,
+        key: sessionId,
+        sessionId,
+        displayName: projectSlug || sessionId,
+        projectSlug,
+        projectPath: cwd,
+        model,
+        gitBranch,
+        userMessages,
+        assistantMessages,
+        inputTokens,
+        outputTokens,
+        totalTokens: inputTokens + outputTokens,
+        estimatedCost,
+        firstMessageAt: firstTs ? new Date(firstTs).toISOString() : null,
+        lastMessageAt: lastTs ? new Date(lastTs).toISOString() : null,
+        status: isActive ? 'active' : 'idle',
+        isActive,
+    };
+}
+export async function checkHealth() {
+    const bin = await whichBinary('claude');
+    if (!bin) {
+        return {
+            ok: false,
+            cli: 'claude',
+            installed: false,
+            error: 'Claude Code CLI not found on this machine. Install with: npm install -g @anthropic-ai/claude-code',
+        };
+    }
+    let version = null;
+    try {
+        const result = await run('claude', ['--version'], { timeoutMs: 8000 });
+        version = result.stdout.trim().split(/\r?\n/)[0] || null;
+    }
+    catch {
+        // ignore
+    }
+    try {
+        await fs.access(claudeDir());
+    }
+    catch {
+        return {
+            ok: false,
+            cli: 'claude',
+            installed: true,
+            version,
+            error: '~/.claude directory not found. Run `claude` once to initialize.',
+        };
+    }
+    return { ok: true, cli: 'claude', installed: true, version };
+}
+export async function listSessions(limit = 50, skip = 0) {
+    const files = await walkJsonl(projectsDir());
+    files.sort((a, b) => b.mtimeMs - a.mtimeMs);
+    const slice = files.slice(skip, skip + limit + 1);
+    const sessions = [];
+    for (const file of slice.slice(0, limit)) {
+        try {
+            const stat = await fs.stat(file.path);
+            if (stat.size > MAX_FILE_BYTES)
+                continue;
+            const content = await fs.readFile(file.path, 'utf8');
+            const entries = parseJsonl(content);
+            const summary = summarize(file, entries);
+            if (summary)
+                sessions.push(summary);
+        }
+        catch {
+            // skip unreadable
+        }
+    }
+    return { sessions, hasMore: slice.length > limit };
+}
+export async function sessionHistory(key, limit = 100, skip = 0) {
+    const files = await walkJsonl(projectsDir());
+    const target = files.find((f) => basename(f.path) === `${key}.jsonl`);
+    if (!target)
+        return { messages: [], hasMore: false };
+    const content = await fs.readFile(target.path, 'utf8');
+    const entries = parseJsonl(content);
+    const messages = entries
+        .filter((e) => e.message?.role === 'user' || e.message?.role === 'assistant')
+        .map((e) => {
+        const m = e.message;
+        const text = typeof m.content === 'string'
+            ? m.content
+            : Array.isArray(m.content)
+                ? m.content.filter((c) => c.type === 'text').map((c) => c.text ?? '').join('\n')
+                : '';
+        return {
+            role: m.role ?? 'assistant',
+            content: text,
+            timestamp: e.timestamp,
+            model: m.model ?? null,
+            usage: m.usage
+                ? { input: m.usage.input_tokens ?? 0, output: m.usage.output_tokens ?? 0 }
+                : null,
+        };
+    });
+    const sliced = messages.slice(skip, skip + limit);
+    return { messages: sliced, hasMore: skip + limit < messages.length };
+}
+export async function listSkills() {
+    const dir = join(claudeDir(), 'skills');
+    try {
+        const entries = await fs.readdir(dir, { withFileTypes: true });
+        const skills = entries
+            .filter((e) => e.isDirectory() || e.name.endsWith('.md'))
+            .map((e) => ({
+            key: e.name.replace(/\.md$/i, ''),
+            name: e.name.replace(/\.md$/i, ''),
+            enabled: true,
+            source: 'local',
+        }));
+        return { skills };
+    }
+    catch {
+        return { skills: [] };
+    }
+}
+export async function usage() {
+    const { sessions } = await listSessions(200, 0);
+    let totalCost = 0;
+    let totalTokens = 0;
+    for (const s of sessions) {
+        totalCost += s.estimatedCost;
+        totalTokens += s.totalTokens;
+    }
+    return { totalCost, totalTokens, sessionCount: sessions.length };
+}
+export async function chat(message) {
+    const result = await run('claude', ['--print'], { input: message, timeoutMs: 180000 });
+    if (result.code !== 0) {
+        throw new Error(result.stderr || result.stdout || `claude exited with code ${result.code}`);
+    }
+    return result.stdout.trim();
+}

package/dist/readers/codex.js

@@ -0,0 +1,200 @@
+import { promises as fs } from 'node:fs';
+import { homedir } from 'node:os';
+import { join, basename } from 'node:path';
+import { parseJsonl, whichBinary, run } from '../util.js';
+const ACTIVE_THRESHOLD_MS = 90 * 60 * 1000;
+const MAX_FILE_BYTES = 50 * 1024 * 1024;
+const codexDir = () => join(homedir(), '.codex');
+const sessionsDir = () => join(codexDir(), 'sessions');
+async function walkJsonl(dir, depth = 0) {
+    if (depth > 4)
+        return [];
+    let entries;
+    try {
+        entries = await fs.readdir(dir, { withFileTypes: true });
+    }
+    catch {
+        return [];
+    }
+    const out = [];
+    for (const entry of entries) {
+        const full = join(dir, entry.name);
+        if (entry.isDirectory()) {
+            out.push(...(await walkJsonl(full, depth + 1)));
+        }
+        else if (entry.isFile() && entry.name.endsWith('.jsonl')) {
+            try {
+                const stat = await fs.stat(full);
+                out.push({ path: full, mtimeMs: stat.mtimeMs });
+            }
+            catch {
+                // ignore
+            }
+        }
+    }
+    return out;
+}
+function deriveSessionId(filePath) {
+    const stripped = basename(filePath).replace(/\.jsonl$/i, '');
+    const match = stripped.match(/([0-9a-f]{8,}-[0-9a-f-]{8,})$/i);
+    return match?.[1] ?? stripped;
+}
+function summarize(file, entries) {
+    if (entries.length === 0)
+        return null;
+    const sessionId = deriveSessionId(file.path);
+    let model = null;
+    let userMessages = 0;
+    let assistantMessages = 0;
+    let inputTokens = 0;
+    let outputTokens = 0;
+    let firstTs = null;
+    let lastTs = null;
+    for (const entry of entries) {
+        if (entry.model)
+            model = entry.model;
+        const role = entry.message?.role ?? entry.role;
+        if (role === 'user')
+            userMessages++;
+        if (role === 'assistant')
+            assistantMessages++;
+        if (entry.usage) {
+            inputTokens += entry.usage.input_tokens ?? entry.usage.prompt_tokens ?? 0;
+            outputTokens += entry.usage.output_tokens ?? entry.usage.completion_tokens ?? 0;
+        }
+        const tsRaw = entry.timestamp ?? entry.ts;
+        if (tsRaw !== undefined) {
+            const ts = typeof tsRaw === 'number' ? tsRaw : Date.parse(String(tsRaw));
+            if (Number.isFinite(ts)) {
+                if (firstTs === null || ts < firstTs)
+                    firstTs = ts;
+                if (lastTs === null || ts > lastTs)
+                    lastTs = ts;
+            }
+        }
+    }
+    const isActive = (lastTs ?? file.mtimeMs) > Date.now() - ACTIVE_THRESHOLD_MS;
+    return {
+        id: sessionId,
+        key: sessionId,
+        sessionId,
+        displayName: sessionId,
+        projectSlug: 'codex',
+        projectPath: null,
+        model,
+        userMessages,
+        assistantMessages,
+        inputTokens,
+        outputTokens,
+        totalTokens: inputTokens + outputTokens,
+        estimatedCost: 0,
+        firstMessageAt: firstTs ? new Date(firstTs).toISOString() : null,
+        lastMessageAt: lastTs ? new Date(lastTs).toISOString() : null,
+        status: isActive ? 'active' : 'idle',
+        isActive,
+    };
+}
+export async function checkHealth() {
+    const bin = (await whichBinary('codex')) || (await whichBinary('codex-cli'));
+    if (!bin) {
+        return {
+            ok: false,
+            cli: 'codex',
+            installed: false,
+            error: 'Codex CLI not found on this machine. Install with: npm install -g @openai/codex',
+        };
+    }
+    let version = null;
+    try {
+        const result = await run('codex', ['--version'], { timeoutMs: 8000 });
+        version = result.stdout.trim().split(/\r?\n/)[0] || null;
+    }
+    catch {
+        // ignore
+    }
+    try {
+        await fs.access(codexDir());
+    }
+    catch {
+        return {
+            ok: false,
+            cli: 'codex',
+            installed: true,
+            version,
+            error: '~/.codex directory not found. Run `codex` once to initialize.',
+        };
+    }
+    return { ok: true, cli: 'codex', installed: true, version };
+}
+export async function listSessions(limit = 50, skip = 0) {
+    const files = await walkJsonl(sessionsDir());
+    files.sort((a, b) => b.mtimeMs - a.mtimeMs);
+    const slice = files.slice(skip, skip + limit + 1);
+    const sessions = [];
+    for (const file of slice.slice(0, limit)) {
+        try {
+            const stat = await fs.stat(file.path);
+            if (stat.size > MAX_FILE_BYTES)
+                continue;
+            const content = await fs.readFile(file.path, 'utf8');
+            const entries = parseJsonl(content);
+            const summary = summarize(file, entries);
+            if (summary)
+                sessions.push(summary);
+        }
+        catch {
+            // skip
+        }
+    }
+    return { sessions, hasMore: slice.length > limit };
+}
+export async function sessionHistory(key, limit = 100, skip = 0) {
+    const files = await walkJsonl(sessionsDir());
+    const target = files.find((f) => deriveSessionId(f.path) === key);
+    if (!target)
+        return { messages: [], hasMore: false };
+    const content = await fs.readFile(target.path, 'utf8');
+    const entries = parseJsonl(content);
+    const messages = entries
+        .filter((e) => {
+        const role = e.message?.role ?? e.role;
+        return role === 'user' || role === 'assistant';
+    })
+        .map((e) => {
+        const role = e.message?.role ?? e.role ?? 'assistant';
+        const rawContent = e.message?.content ?? e.content;
+        const text = typeof rawContent === 'string'
+            ? rawContent
+            : Array.isArray(rawContent)
+                ? rawContent.filter((c) => c?.type === 'text').map((c) => c?.text ?? '').join('\n')
+                : '';
+        return {
+            role,
+            content: text,
+            timestamp: typeof e.timestamp === 'string' ? e.timestamp : undefined,
+            model: e.model ?? null,
+            usage: e.usage
+                ? {
+                    input: e.usage.input_tokens ?? e.usage.prompt_tokens ?? 0,
+                    output: e.usage.output_tokens ?? e.usage.completion_tokens ?? 0,
+                }
+                : null,
+        };
+    });
+    const sliced = messages.slice(skip, skip + limit);
+    return { messages: sliced, hasMore: skip + limit < messages.length };
+}
+export async function usage() {
+    const { sessions } = await listSessions(200, 0);
+    let totalTokens = 0;
+    for (const s of sessions)
+        totalTokens += s.totalTokens;
+    return { totalCost: 0, totalTokens, sessionCount: sessions.length };
+}
+export async function chat(message) {
+    const result = await run('codex', ['exec', message], { timeoutMs: 180000 });
+    if (result.code !== 0) {
+        throw new Error(result.stderr || result.stdout || `codex exited with code ${result.code}`);
+    }
+    return result.stdout.trim();
+}

package/dist/server.js

@@ -0,0 +1,93 @@
+import http from 'node:http';
+import { URL } from 'node:url';
+import { log, warn } from './util.js';
+import * as claude from './readers/claude.js';
+import * as codex from './readers/codex.js';
+function readerFor(mode) {
+    return mode === 'codex_local' ? codex : claude;
+}
+async function readBody(req) {
+    const chunks = [];
+    for await (const chunk of req)
+        chunks.push(chunk);
+    return Buffer.concat(chunks).toString('utf8');
+}
+function sendJson(res, status, body) {
+    const payload = JSON.stringify(body);
+    res.writeHead(status, { 'Content-Type': 'application/json' });
+    res.end(payload);
+}
+export function startLocalServer(mode, token) {
+    const reader = readerFor(mode);
+    const server = http.createServer((req, res) => {
+        void handle(req, res).catch((err) => {
+            warn('Request error:', err?.message ?? err);
+            sendJson(res, 500, { error: err instanceof Error ? err.message : 'Internal error' });
+        });
+    });
+    async function handle(req, res) {
+        const auth = req.headers['authorization'];
+        const bearer = typeof auth === 'string' && auth.startsWith('Bearer ') ? auth.slice(7).trim() : '';
+        if (bearer !== token) {
+            sendJson(res, 401, { error: 'Unauthorized' });
+            return;
+        }
+        const url = new URL(req.url ?? '/', 'http://localhost');
+        const path = url.pathname.replace(/\/+$/, '') || '/';
+        const limit = Number(url.searchParams.get('limit') ?? '50') || 50;
+        const skip = Number(url.searchParams.get('skip') ?? '0') || 0;
+        if (req.method === 'GET' && path === '/health') {
+            const health = await reader.checkHealth();
+            sendJson(res, 200, health);
+            return;
+        }
+        if (req.method === 'GET' && path === '/sessions') {
+            const result = await reader.listSessions(limit, skip);
+            sendJson(res, 200, result);
+            return;
+        }
+        if (req.method === 'GET' && path.startsWith('/sessions/') && path.endsWith('/history')) {
+            const key = decodeURIComponent(path.slice('/sessions/'.length, -'/history'.length));
+            const result = await reader.sessionHistory(key, limit, skip);
+            sendJson(res, 200, result);
+            return;
+        }
+        if (req.method === 'GET' && path === '/skills') {
+            const result = 'listSkills' in reader ? await reader.listSkills() : { skills: [] };
+            sendJson(res, 200, result);
+            return;
+        }
+        if (req.method === 'GET' && path === '/usage') {
+            const result = await reader.usage();
+            sendJson(res, 200, result);
+            return;
+        }
+        if (req.method === 'POST' && path === '/chat') {
+            const raw = await readBody(req);
+            let message = '';
+            try {
+                message = JSON.parse(raw).message ?? '';
+            }
+            catch {
+                sendJson(res, 400, { error: 'Invalid JSON body' });
+                return;
+            }
+            if (!message.trim()) {
+                sendJson(res, 400, { error: 'message is required' });
+                return;
+            }
+            const content = await reader.chat(message);
+            sendJson(res, 200, { content });
+            return;
+        }
+        sendJson(res, 404, { error: 'Not found' });
+    }
+    return new Promise((resolve) => {
+        server.listen(0, '127.0.0.1', () => {
+            const addr = server.address();
+            const port = typeof addr === 'object' && addr ? addr.port : 0;
+            log(`Local API server listening on 127.0.0.1:${port}`);
+            resolve({ port, close: () => server.close() });
+        });
+    });
+}

package/dist/tunnel.js

@@ -0,0 +1,102 @@
+import { spawn } from 'node:child_process';
+import { promises as fs } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { randomBytes } from 'node:crypto';
+import { log, warn } from './util.js';
+const RECONNECT_DELAYS_MS = [3000, 5000, 10000, 30000];
+export class Tunnel {
+    opts;
+    child = null;
+    keyPath = null;
+    stopped = false;
+    reconnectAttempt = 0;
+    onUpCallback;
+    constructor(opts) {
+        this.opts = opts;
+    }
+    onUp(cb) {
+        this.onUpCallback = cb;
+    }
+    async writeKey() {
+        const dir = await fs.mkdtemp(join(tmpdir(), 'rectify-bridge-'));
+        const keyPath = join(dir, `key_${randomBytes(4).toString('hex')}`);
+        await fs.writeFile(keyPath, this.opts.privateKey.endsWith('\n') ? this.opts.privateKey : `${this.opts.privateKey}\n`, { mode: 0o600 });
+        if (process.platform !== 'win32') {
+            try {
+                await fs.chmod(keyPath, 0o600);
+            }
+            catch { /* ignore */ }
+        }
+        return keyPath;
+    }
+    async start() {
+        this.stopped = false;
+        if (!this.keyPath) {
+            this.keyPath = await this.writeKey();
+        }
+        this.spawnSsh();
+    }
+    spawnSsh() {
+        if (this.stopped || !this.keyPath)
+            return;
+        const { tunnelHost, tunnelUser, remotePort, localTarget } = this.opts;
+        const args = [
+            '-i', this.keyPath,
+            '-N',
+            '-R', `127.0.0.1:${remotePort}:localhost:${localTarget}`,
+            '-o', 'ServerAliveInterval=30',
+            '-o', 'ServerAliveCountMax=3',
+            '-o', 'ExitOnForwardFailure=yes',
+            '-o', 'StrictHostKeyChecking=no',
+            '-o', 'UserKnownHostsFile=/dev/null',
+            `${tunnelUser}@${tunnelHost}`,
+        ];
+        log(`Opening tunnel: remote ${tunnelHost}:${remotePort} → localhost:${localTarget}`);
+        const child = spawn('ssh', args, { stdio: ['ignore', 'pipe', 'pipe'] });
+        this.child = child;
+        // Heuristic: if the process stays up ~2s, consider the forward established.
+        const upTimer = setTimeout(() => {
+            if (!this.stopped && this.child === child && child.exitCode === null) {
+                this.reconnectAttempt = 0;
+                this.onUpCallback?.();
+            }
+        }, 2500);
+        child.stderr?.on('data', (d) => {
+            const line = d.toString().trim();
+            if (line)
+                warn(`ssh: ${line}`);
+        });
+        child.on('exit', (code, signal) => {
+            clearTimeout(upTimer);
+            if (this.stopped)
+                return;
+            warn(`Tunnel exited (code=${code ?? 'null'} signal=${signal ?? 'null'}). Reconnecting…`);
+            const delay = RECONNECT_DELAYS_MS[Math.min(this.reconnectAttempt, RECONNECT_DELAYS_MS.length - 1)];
+            this.reconnectAttempt++;
+            setTimeout(() => this.spawnSsh(), delay);
+        });
+        child.on('error', (err) => {
+            clearTimeout(upTimer);
+            if (err && err.code === 'ENOENT') {
+                warn('`ssh` command not found. Install OpenSSH client (built into macOS, Linux, and Windows 10+).');
+                this.stop();
+            }
+        });
+    }
+    async stop() {
+        this.stopped = true;
+        if (this.child) {
+            this.child.kill();
+            this.child = null;
+        }
+        if (this.keyPath) {
+            try {
+                const dir = join(this.keyPath, '..');
+                await fs.rm(dir, { recursive: true, force: true });
+            }
+            catch { /* ignore */ }
+            this.keyPath = null;
+        }
+    }
+}

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/dist/util.js

@@ -0,0 +1,75 @@
+import { spawn } from 'node:child_process';
+export function log(...args) {
+    const ts = new Date().toISOString().slice(11, 19);
+    console.log(`[${ts}]`, ...args);
+}
+export function warn(...args) {
+    const ts = new Date().toISOString().slice(11, 19);
+    console.warn(`[${ts}]`, ...args);
+}
+const IS_WIN = process.platform === 'win32';
+export function run(command, args, options = {}) {
+    const timeoutMs = options.timeoutMs ?? 120000;
+    return new Promise((resolve, reject) => {
+        const child = spawn(command, args, { shell: IS_WIN });
+        let stdout = '';
+        let stderr = '';
+        let settled = false;
+        const timer = setTimeout(() => {
+            if (settled)
+                return;
+            settled = true;
+            child.kill('SIGKILL');
+            reject(new Error(`Command timed out after ${timeoutMs}ms: ${command}`));
+        }, timeoutMs);
+        child.stdout?.on('data', (d) => { stdout += d.toString(); });
+        child.stderr?.on('data', (d) => { stderr += d.toString(); });
+        child.on('error', (err) => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timer);
+            reject(err);
+        });
+        child.on('close', (code) => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timer);
+            resolve({ stdout, stderr, code });
+        });
+        if (options.input !== undefined && child.stdin) {
+            child.stdin.write(options.input);
+            child.stdin.end();
+        }
+    });
+}
+export async function whichBinary(name) {
+    try {
+        const finder = IS_WIN ? 'where' : 'which';
+        const result = await run(finder, [name], { timeoutMs: 5000 });
+        if (result.code === 0) {
+            const first = result.stdout.split(/\r?\n/).map((l) => l.trim()).find(Boolean);
+            return first ?? null;
+        }
+    }
+    catch {
+        // ignore
+    }
+    return null;
+}
+export function parseJsonl(content) {
+    const out = [];
+    for (const line of content.split(/\r?\n/)) {
+        const trimmed = line.trim();
+        if (!trimmed)
+            continue;
+        try {
+            out.push(JSON.parse(trimmed));
+        }
+        catch {
+            // skip malformed
+        }
+    }
+    return out;
+}

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "@rectify-so/bridge",
+  "version": "0.1.0",
+  "description": "Rectify AgentPulse local bridge — securely connects locally-installed agent CLIs (Claude Code, Codex) and OpenClaw gateways to the Rectify dashboard over a reverse SSH tunnel.",
+  "type": "module",
+  "bin": {
+    "rectify-bridge": "dist/index.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "start": "node dist/index.js",
+    "deploy": "npm run build && npm publish --access=public"
+  },
+  "keywords": [
+    "rectify",
+    "agentpulse",
+    "claude-code",
+    "codex",
+    "openclaw",
+    "bridge",
+    "tunnel"
+  ],
+  "license": "MIT",
+  "devDependencies": {
+    "@types/node": "^20.11.0",
+    "typescript": "^5.4.0"
+  }
+}